........
Sent from my iPhone
On Sep 26, 2012, at 5:09 PM, "Guardgrid" <[email protected]> wrote:
> No in the doc. What about the route to the discard addr on the trigger, is
> that needed?
>
> Sent from my iPhone
>
> On Sep 26, 2012, at 6:46 PM, Fawad Khan <[email protected]> wrote:
>
> No.
>
> On Wednesday, September 26, 2012, GuardGrid wrote:
> Hi,
> Is there any info on RTBH on the DOC CD?
>
> I could only find this
> http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6642/prod_white_paper0900aecd80313fac.pdf
> http://packetlife.net/blog/2009/jul/6/remotely-triggered-black-hole-rtbh-routing/
>
> and obviously this will not be available during the exam.
>
> I thought I understood the basic concept here but I am unable to get this to
> work without adding a route for the discard address on the trigger router.
> Both the links above only suggest that we add the route to null0 on the edge
> routers and only the route for the destination (victim) to be added on the
> trigger router.
>
> Destination RTBH
> =================
> 1. Add route to null0 for the discard address on the edge routers
> 2. On the Trigger router Create a route map and match for a specific tag and
> set the next hop to that discard address.
> 3. As a best practice also set the origin to IGP (make it more preferred) and
> community to no-export (don't advertise outside the AS)
> 4. Add this route map for static redistribution under the BGP process on the
> trigger router.
>
> 5. Now when the victim in question is under attack then add a static route
> pointing to null0 with that tag on the trigger router so that this will be
> redistributed
> via BGP to the edge routers .
>
>
> Can you tell me what I am missing here?
>
> I am having to add a route for the discard addr on the trigger router as well
> which I do not see mentioned in any doc.
>
>
> -Srikant
>
>
>
> --
> FNK, CCIE Security#35578
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com
